xiangshen-dk · October 6, 2020 14:31
diff --git a/fluent-bit-k8s-stackdriver-gcs.yaml b/fluent-bit-k8s-stackdriver-gcs.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: fluent-bit-config
  namespace: logging
  labels:
    k8s-app: fluent-bit
 data:
  # Configuration files: server, input, filters and output
  # ======================================================
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020
        Plugins_File /fluent-bit/etc/plugins.conf
  
    @INCLUDE input-kubernetes.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE output-stackdriver.conf

  plugins.conf: |
    [PLUGINS]
        Path /fluent-bit/bin/out_gcs.so 

  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Path              /var/log/containers/*.log
        Tag               kube.*
        Parser            docker
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     20MB
        Skip_Long_Lines   On
        Refresh_Interval  10
        # Control the log line length
        Buffer_Chunk_Size       256k
        Buffer_Max_Size         10240k
        # Using the docker mode to deal with multiline messages emitted by docker
        Docker_Mode     On

  get-size.lua: |
        -- Internal function to convert a table to string.
        local table_to_string_internal = function(t)
           local s = ""
           if t ~= nil then
             for key, val in pairs(t) do
               s = s .. string.format("\"%s\": \"%s\"", key, val)
             end
           end
           return s
        end
        function cb_print(tag, timestamp, record)
          s = table_to_string_internal(record)
          log_size = string.len(s)
          record["log_size"] = log_size
          if log_size > 255000 then
            record["mytag"] = "biglog"
          end
          return 1, timestamp, record
        end

  drop-payload.lua: |
        function cb_drop(tag, timestamp, record)
          if record["mytag"] ~= nil then
            record["log"] = "Log payload is too large. Send it to https://console.cloud.google.com/storage/browser/shenxiang-fluent-bit-biglog/logs/biglog." .. tag .. "?project=shenxiang-democlound-test"
          end
          return 1, timestamp, record
        end

  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        # Try to merge the log messages
        Merge_Log           On
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off
    [FILTER]
        Name                lua
        Match               kube.*
        # lua script to get the size of a log message
        # if the size is big, also change the 'mytag' value appended in the record
        script              get-size.lua
        call                cb_print
    [FILTER]
        # rewrite the log tag if the value of 'mytag' in the log record is 'biglog'
        Name                rewrite_tag
        Match               kube.*
        Rule                $mytag ^(biglog)$ biglog.$TAG true
        Emitter_Name        re_emitted
    [FILTER]
        Name                lua
        Match               kube.*
        script              drop-payload.lua
        call                cb_drop

  output-stackdriver.conf: |
    [OUTPUT]
        Name    gcs
        Match   biglog.*
        Credential     /var/secrets/google/key.json
        Bucket  shenxiang-fluent-bit-biglog
        Prefix  logs
        Region  us-central1

    [OUTPUT]
        # write the log records still have the 'kube.*' tags to Cloud Logging
        Name    stackdriver
        Match   kube.*

  parsers.conf: |
    [PARSER]
        Name   apache
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache2
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache_error
        Format regex
        Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

    [PARSER]
        Name   nginx
        Format regex
        Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   json
        Format json
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name        syslog
        Format      regex
        Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
        Time_Key    time
        Time_Format %b %d %H:%M:%S
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: fluent-bit-config
	namespace: logging
	labels:
	k8s-app: fluent-bit
	data:
	# Configuration files: server, input, filters and output
	# ======================================================
	fluent-bit.conf: \|
	[SERVICE]
	Flush 1
	Log_Level info
	Daemon off
	Parsers_File parsers.conf
	HTTP_Server On
	HTTP_Listen 0.0.0.0
	HTTP_Port 2020
	Plugins_File /fluent-bit/etc/plugins.conf

	@INCLUDE input-kubernetes.conf
	@INCLUDE filter-kubernetes.conf
	@INCLUDE output-stackdriver.conf

	plugins.conf: \|
	[PLUGINS]
	Path /fluent-bit/bin/out_gcs.so

	input-kubernetes.conf: \|
	[INPUT]
	Name tail
	Path /var/log/containers/*.log
	Tag kube.*
	Parser docker
	DB /var/log/flb_kube.db
	Mem_Buf_Limit 20MB
	Skip_Long_Lines On
	Refresh_Interval 10
	# Control the log line length
	Buffer_Chunk_Size 256k
	Buffer_Max_Size 10240k
	# Using the docker mode to deal with multiline messages emitted by docker
	Docker_Mode On

	get-size.lua: \|
	-- Internal function to convert a table to string.
	local table_to_string_internal = function(t)
	local s = ""
	if t ~= nil then
	for key, val in pairs(t) do
	s = s .. string.format("\"%s\": \"%s\"", key, val)
	end
	end
	return s
	end
	function cb_print(tag, timestamp, record)
	s = table_to_string_internal(record)
	log_size = string.len(s)
	record["log_size"] = log_size
	if log_size > 255000 then
	record["mytag"] = "biglog"
	end
	return 1, timestamp, record
	end

	drop-payload.lua: \|
	function cb_drop(tag, timestamp, record)
	if record["mytag"] ~= nil then
	record["log"] = "Log payload is too large. Send it to https://console.cloud.google.com/storage/browser/shenxiang-fluent-bit-biglog/logs/biglog." .. tag .. "?project=shenxiang-democlound-test"
	end
	return 1, timestamp, record
	end

	filter-kubernetes.conf: \|
	[FILTER]
	Name kubernetes
	Match kube.*
	Kube_URL https://kubernetes.default.svc:443
	Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
	Kube_Tag_Prefix kube.var.log.containers.
	# Try to merge the log messages
	Merge_Log On
	Merge_Log_Key log_processed
	K8S-Logging.Parser On
	K8S-Logging.Exclude Off
	[FILTER]
	Name lua
	Match kube.*
	# lua script to get the size of a log message
	# if the size is big, also change the 'mytag' value appended in the record
	script get-size.lua
	call cb_print
	[FILTER]
	# rewrite the log tag if the value of 'mytag' in the log record is 'biglog'
	Name rewrite_tag
	Match kube.*
	Rule $mytag ^(biglog)$ biglog.$TAG true
	Emitter_Name re_emitted
	[FILTER]
	Name lua
	Match kube.*
	script drop-payload.lua
	call cb_drop

	output-stackdriver.conf: \|
	[OUTPUT]
	Name gcs
	Match biglog.*
	Credential /var/secrets/google/key.json
	Bucket shenxiang-fluent-bit-biglog
	Prefix logs
	Region us-central1

	[OUTPUT]
	# write the log records still have the 'kube.*' tags to Cloud Logging
	Name stackdriver
	Match kube.*

	parsers.conf: \|
	[PARSER]
	Name apache
	Format regex
	Regex ^(?<host>[^ ]) [^ ] (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]?)(?: +\S)?)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name apache2
	Format regex
	Regex ^(?<host>[^ ]) [^ ] (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^ ]) +\S)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name apache_error
	Format regex
	Regex ^\[[^ ]* (?<time>[^\]])\] \[(?<level>[^\]])\](?: \[pid (?<pid>[^\]])\])?( \[client (?<client>[^\]])\])? (?<message>.*)$

	[PARSER]
	Name nginx
	Format regex
	Regex ^(?<remote>[^ ]) (?<host>[^ ]) (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]?)(?: +\S)?)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name json
	Format json
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name docker
	Format json
	Time_Key time
	Time_Format %Y-%m-%dT%H:%M:%S.%L
	Time_Keep On

	[PARSER]
	Name syslog
	Format regex
	Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]) (?<host>[^ ]) (?<ident>[a-zA-Z0-9_\/\.\-])(?:\[(?<pid>[0-9]+)\])?(?:[^\:]\:)? (?<message>.)$
	Time_Key time
	Time_Format %b %d %H:%M:%S